Heartbleed: What You Do and Do Not Need To Worry About

If you have a business website, you’ve probably already heard, and are worried, about the Heartbleed Bug.

Simply put, the Heartbleed Bug is a flaw in the SSL certificate used by some websites. That flaw might allow passwords, credit card numbers and other data to be leaked as a result.

SSL certificates are usually limited to websites that deal with online financial transactions. Websites that use it can be distinguished because they include an “https” instead of “http” in their URL. A lock can also often be seen in the search window in front of the URL while visiting the site.

Mashable recently published a hit list of some big sites and services affected. These include:

Facebook

Pinterest

Tumblr

Google

Yahoo

Gmail

Yahoo Mail

Amazon Web Services

Etsy

GoDaddy

Flickr

YouTube

A Chrome extension (and probably other tools out there) has already appeared, claiming to help determine whether your site is affected. Of course, it’s important to be careful when using such tools and perhaps run some tests to be sure they are reliable. For example, you might test them to see whether you get any false positives.

Since only “https” sites can potentially be affected, test, for example, to see whether you get positive reads off “http” sites, too. If so, the tool you’re using might not be trustworthy.

Dominic Lachowicz, Vice President of Engineering at Merchant Warehouse, also cautions that not all SSL certificates are flawed. Merchant Warehouse provides electronic sales tools for mobile, ecommerce and storefront sales, but Lachowicz says the company was not affected by the bug.

Lachowicz spoke with Small Business Trends recently about some of the issues of most concern with Heartbleed. He acknowledged:

“This is indeed a serious problem on the Web. The first thing I’d like to advise everyone is to not panic.”

He says the first step is to determine whether your site has been affected. If you maintain your own site, Lachowicz recommends testing it for the bug using a tool built by encryption consultant Filippo Valsorda.

If your site has been affected, you will need to reinstall your site’s SSL certificate. For example, Lachowicz writes in a recent post on the official Merchant Warehouse Blog that a new fixed version of OpenSSL has already been released.

If you don’t manage your own website, Lachowicz recommends reaching out immediately to your Web development team or online provider. They will be able to tell you whether they have been affected.

If they have, chances are a fix has already been installed, in which case you will simply need to change any passwords associated with the site. That should be enough to protect against any future exposure.

Shawn Hessinger is the Editor for Small Business Trends. He is a journalist and social media networker with more than a decade of experience in the traditional newspaper business before moving to the digital world. He was the former community manager of BizSugar and the former community editor at AllAnalytics, a site dedicated to professionals in the business intelligence and analytics community.

4 Reactions

Hi Joel,
Again, use these tools with discretion. There’s a lot of fear being generated out there. But ultimately it’s best to take a methodical approach and ask some simple, practical questions to determine whether there is any real likelihood you have been affected.
